Enforce regex in security orchestration schema
What does this MR do and why?
It enforces regex in security orchestration schema by using patternProperties in the security policy JSON schema.
How to set up and validate locally
- Switch to the master branch.
- On a project, navigate to Security and Compliance -> Policies.
- Select New policy.
- Select Scan execution policy.
- Switch to .yaml mode.
- Copy and paste the example policy below.
- Select Configure with a merge request.
- A merge request should be created without validation errors.
- Switch to the 388135-enforce-regular-expressions-in-security-orchestration-schema branch.
- Do steps 1 to 7.
- It should now fail with "property '/scan_execution_policy/5/rules/0/agents/my agent' is invalid: error_type=schema"
- Replace the key "my agent" with "my-agent" (removing the whitespace).
- Select Configure with a merge request.
- A merge request should be created without validation errors.
Example policy
    type: scan_execution_policy
    name: Kubernetes cluster scan
    enabled: true
    actions:
    - scan: container_scanning
    rules:
    - type: schedule
      cadence: '0 10 * * *'
      agents:
        my agent:
          namespaces:
          - 'default'
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #388135 (closed)
Edited by Andy Schoenen
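
The check this MR's validation steps exercise, as an added Ruby example that is not GitLab's code: a minimal evaluation of patternProperties together with additionalProperties: false over the agents mapping from the example policy. The key pattern AGENT_KEY, both schema fragments and the helper names are assumptions; the page does not show the schema itself.

```ruby
# Added example: how JSON Schema evaluates patternProperties when
# additionalProperties is false. AGENT_KEY is an assumed pattern,
# not the one taken from GitLab's security policy schema.
AGENT_KEY = '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'

# Constructed schema fragments for the "agents" object of a schedule rule.
OPEN_SCHEMA   = { 'type' => 'object' }.freeze
STRICT_SCHEMA = {
  'type' => 'object',
  'patternProperties' => { AGENT_KEY => { 'type' => 'object' } },
  'additionalProperties' => false
}.freeze

# JSON Schema patterns are ECMA-262 regexes, where ^ and $ anchor the whole
# string. In Ruby they anchor lines, so translate them to \A and \z;
# otherwise a key with an embedded newline would pass.
def compile(pattern)
  Regexp.new(pattern.sub(/\A\^/) { '\\A' }.sub(/\$\z/) { '\\z' })
end

# Returns JSON pointers of keys that match no pattern. Keys are only
# rejected when additionalProperties is false; patternProperties alone
# constrains the values of matching keys, not the set of allowed keys.
def invalid_keys(schema, object, pointer)
  return [] unless schema['additionalProperties'] == false

  patterns = schema.fetch('patternProperties', {}).keys.map { |p| compile(p) }
  object.keys.reject { |key| patterns.any? { |re| re.match?(key) } }
        .map { |key| "#{pointer}/#{key}" }
end

# Constructed input mirroring the agents mapping of the example policy.
AGENTS  = { 'my agent' => { 'namespaces' => ['default'] } }.freeze
FIXED   = { 'my-agent' => { 'namespaces' => ['default'] } }.freeze
POINTER = '/scan_execution_policy/5/rules/0/agents'

if __FILE__ == $PROGRAM_NAME
  p invalid_keys(OPEN_SCHEMA, AGENTS, POINTER)    # unconstrained keys
  p invalid_keys(STRICT_SCHEMA, AGENTS, POINTER)  # key with whitespace
  p invalid_keys(STRICT_SCHEMA, FIXED, POINTER)   # corrected key
end
```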